netxduo
Select one of the symbols to view example projects that use it.
 
Outline
...
...
...
...
#define NX_SECURE_SOURCE_CODE
#include "nx_secure_tls.h"
...
...
_nx_secure_tls_process_serverhello(NX_SECURE_TLS_SESSION *, UCHAR *, UINT)
Files
netxduo
addons
common
crypto_libraries
nx_secure
inc
ports
src
nx_secure_dtls_allocate_handshake_packet.c
nx_secure_dtls_client_handshake.c
nx_secure_dtls_client_protocol_version_override.c
nx_secure_dtls_client_session_start.c
nx_secure_dtls_ecc_initialize.c
nx_secure_dtls_hash_record.c
nx_secure_dtls_initialize.c
nx_secure_dtls_packet_allocate.c
nx_secure_dtls_process_clienthello.c
nx_secure_dtls_process_handshake_header.c
nx_secure_dtls_process_header.c
nx_secure_dtls_process_helloverifyrequest.c
nx_secure_dtls_process_record.c
nx_secure_dtls_psk_add.c
nx_secure_dtls_receive_callback.c
nx_secure_dtls_retransmit_queue_flush.c
nx_secure_dtls_retransmit.c
nx_secure_dtls_send_clienthello.c
nx_secure_dtls_send_handshake_record.c
nx_secure_dtls_send_helloverifyrequest.c
nx_secure_dtls_send_record.c
nx_secure_dtls_send_serverhello.c
nx_secure_dtls_server_create.c
nx_secure_dtls_server_delete.c
nx_secure_dtls_server_ecc_initialize.c
nx_secure_dtls_server_handshake.c
nx_secure_dtls_server_local_certificate_add.c
nx_secure_dtls_server_local_certificate_remove.c
nx_secure_dtls_server_notify_set.c
nx_secure_dtls_server_protocol_version_override.c
nx_secure_dtls_server_psk_add.c
nx_secure_dtls_server_session_send.c
nx_secure_dtls_server_session_start.c
nx_secure_dtls_server_start.c
nx_secure_dtls_server_stop.c
nx_secure_dtls_server_trusted_certificate_add.c
nx_secure_dtls_server_trusted_certificate_remove.c
nx_secure_dtls_server_x509_client_verify_configure.c
nx_secure_dtls_server_x509_client_verify_disable.c
nx_secure_dtls_session_cache.c
nx_secure_dtls_session_client_info_get.c
nx_secure_dtls_session_create.c
nx_secure_dtls_session_delete.c
nx_secure_dtls_session_end.c
nx_secure_dtls_session_local_certificate_add.c
nx_secure_dtls_session_local_certificate_remove.c
nx_secure_dtls_session_receive.c
nx_secure_dtls_session_reset.c
nx_secure_dtls_session_send.c
nx_secure_dtls_session_sliding_window_check.c
nx_secure_dtls_session_sliding_window_update.c
nx_secure_dtls_session_start.c
nx_secure_dtls_session_trusted_certificate_add.c
nx_secure_dtls_session_trusted_certificate_remove.c
nx_secure_dtls_verify_mac.c
nx_secure_module_hash_compute.c
nx_secure_tls_1_3_client_handshake.c
nx_secure_tls_1_3_crypto_init.c
nx_secure_tls_1_3_finished_hash_generate.c
nx_secure_tls_1_3_generate_keys.c
nx_secure_tls_1_3_server_handshake.c
nx_secure_tls_1_3_session_keys_set.c
nx_secure_tls_1_3_transcript_hash_save.c
nx_secure_tls_active_certificate_set.c
nx_secure_tls_allocate_handshake_packet.c
nx_secure_tls_check_protocol_version.c
nx_secure_tls_ciphersuite_lookup.c
nx_secure_tls_client_handshake.c
nx_secure_tls_client_psk_set.c
nx_secure_tls_ecc_generate_keys.c
nx_secure_tls_ecc_initialize.c
nx_secure_tls_find_curve_method.c
nx_secure_tls_finished_hash_generate.c
nx_secure_tls_generate_keys.c
nx_secure_tls_generate_premaster_secret.c
nx_secure_tls_handshake_hash_init.c
nx_secure_tls_handshake_hash_update.c
nx_secure_tls_handshake_process.c
nx_secure_tls_hash_record.c
nx_secure_tls_initialize.c
nx_secure_tls_key_material_init.c
nx_secure_tls_local_certificate_add.c
nx_secure_tls_local_certificate_find.c
nx_secure_tls_local_certificate_remove.c
nx_secure_tls_map_error_to_alert.c
nx_secure_tls_metadata_size_calculate.c
nx_secure_tls_newest_supported_version.c
nx_secure_tls_packet_allocate.c
nx_secure_tls_packet_release.c
nx_secure_tls_process_certificate_request.c
nx_secure_tls_process_certificate_verify.c
nx_secure_tls_process_changecipherspec.c
nx_secure_tls_process_client_key_exchange.c
nx_secure_tls_process_clienthello_extensions.c
nx_secure_tls_process_clienthello.c
nx_secure_tls_process_encrypted_extensions.c
nx_secure_tls_process_finished.c
nx_secure_tls_process_handshake_header.c
nx_secure_tls_process_header.c
nx_secure_tls_process_newsessionticket.c
nx_secure_tls_process_record.c
nx_secure_tls_process_remote_certificate.c
nx_secure_tls_process_server_key_exchange.c
nx_secure_tls_process_serverhello_extensions.c
nx_secure_tls_process_serverhello.c
nx_secure_tls_protocol_version_get.c
nx_secure_tls_psk_add.c
nx_secure_tls_psk_binder_generate.c
nx_secure_tls_psk_find.c
nx_secure_tls_psk_identity_find.c
nx_secure_tls_record_hash_calculate.c
nx_secure_tls_record_hash_initialize.c
nx_secure_tls_record_hash_update.c
nx_secure_tls_record_payload_decrypt.c
nx_secure_tls_record_payload_encrypt.c
nx_secure_tls_remote_certificate_allocate.c
nx_secure_tls_remote_certificate_buffer_allocate.c
nx_secure_tls_remote_certificate_free_all.c
nx_secure_tls_remote_certificate_free.c
nx_secure_tls_remote_certificate_verify.c
nx_secure_tls_send_alert.c
nx_secure_tls_send_certificate_request.c
nx_secure_tls_send_certificate_verify.c
nx_secure_tls_send_certificate.c
nx_secure_tls_send_changecipherspec.c
nx_secure_tls_send_client_key_exchange.c
nx_secure_tls_send_clienthello_extensions.c
nx_secure_tls_send_clienthello.c
nx_secure_tls_send_encrypted_extensions.c
nx_secure_tls_send_finished.c
nx_secure_tls_send_handshake_record.c
nx_secure_tls_send_hellorequest.c
nx_secure_tls_send_newsessionticket.c
nx_secure_tls_send_record.c
nx_secure_tls_send_server_key_exchange.c
nx_secure_tls_send_serverhello_extensions.c
nx_secure_tls_send_serverhello.c
nx_secure_tls_server_certificate_add.c
nx_secure_tls_server_certificate_find.c
nx_secure_tls_server_certificate_remove.c
nx_secure_tls_server_handshake.c
nx_secure_tls_session_alert_value_get.c
nx_secure_tls_session_certificate_callback_set.c
nx_secure_tls_session_client_callback_set.c
nx_secure_tls_session_client_verify_disable.c
nx_secure_tls_session_client_verify_enable.c
nx_secure_tls_session_create_ext.c
nx_secure_tls_session_create.c
nx_secure_tls_session_delete.c
nx_secure_tls_session_end.c
nx_secure_tls_session_iv_size_get.c
nx_secure_tls_session_keys_set.c
nx_secure_tls_session_packet_buffer_set.c
nx_secure_tls_session_protocol_version_override.c
nx_secure_tls_session_receive_records.c
nx_secure_tls_session_receive.c
nx_secure_tls_session_renegotiate_callback_set.c
nx_secure_tls_session_renegotiate.c
nx_secure_tls_session_reset.c
nx_secure_tls_session_send.c
nx_secure_tls_session_server_callback_set.c
nx_secure_tls_session_sni_extension_parse.c
nx_secure_tls_session_sni_extension_set.c
nx_secure_tls_session_start.c
nx_secure_tls_session_time_function_set.c
nx_secure_tls_session_x509_client_verify_configure.c
nx_secure_tls_shutdown.c
nx_secure_tls_trusted_certificate_add.c
nx_secure_tls_trusted_certificate_remove.c
nx_secure_tls_verify_mac.c
nx_secure_x509_asn1_tlv_block_parse.c
nx_secure_x509_certificate_chain_verify.c
nx_secure_x509_certificate_initialize.c
nx_secure_x509_certificate_list_add.c
nx_secure_x509_certificate_list_find.c
nx_secure_x509_certificate_list_remove.c
nx_secure_x509_certificate_revocation_list_parse.c
nx_secure_x509_certificate_verify.c
nx_secure_x509_common_name_dns_check.c
nx_secure_x509_crl_revocation_check.c
nx_secure_x509_crl_verify.c
nx_secure_x509_distinguished_name_compare.c
nx_secure_x509_distinguished_name_parse.c
nx_secure_x509_dns_name_initialize.c
nx_secure_x509_ec_private_key_parse.c
nx_secure_x509_expiration_check.c
nx_secure_x509_extended_key_usage_extension_parse.c
nx_secure_x509_extension_find.c
nx_secure_x509_find_certificate_methods.c
nx_secure_x509_find_curve_method.c
nx_secure_x509_free_certificate_get.c
nx_secure_x509_key_usage_extension_parse.c
nx_secure_x509_local_certificate_find.c
nx_secure_x509_local_device_certificate_get.c
nx_secure_x509_oid_parse.c
nx_secure_x509_pkcs1_rsa_private_key_parse.c
nx_secure_x509_pkcs7_decode.c
nx_secure_x509_remote_endpoint_certificate_get.c
nx_secure_x509_store_certificate_add.c
nx_secure_x509_store_certificate_find.c
nx_secure_x509_store_certificate_remove.c
nx_secure_x509_subject_alt_names_find.c
nx_secure_x509_wildcard_compare.c
nx_secure_x509.c
nxe_secure_dtls_client_protocol_version_override.c
nxe_secure_dtls_client_session_start.c
nxe_secure_dtls_ecc_initialize.c
nxe_secure_dtls_packet_allocate.c
nxe_secure_dtls_psk_add.c
nxe_secure_dtls_server_create.c
nxe_secure_dtls_server_delete.c
nxe_secure_dtls_server_ecc_initialize.c
nxe_secure_dtls_server_local_certificate_add.c
nxe_secure_dtls_server_local_certificate_remove.c
nxe_secure_dtls_server_notify_set.c
nxe_secure_dtls_server_protocol_version_override.c
nxe_secure_dtls_server_psk_add.c
nxe_secure_dtls_server_session_send.c
nxe_secure_dtls_server_session_start.c
nxe_secure_dtls_server_start.c
nxe_secure_dtls_server_stop.c
nxe_secure_dtls_server_trusted_certificate_add.c
nxe_secure_dtls_server_trusted_certificate_remove.c
nxe_secure_dtls_server_x509_client_verify_configure.c
nxe_secure_dtls_server_x509_client_verify_disable.c
nxe_secure_dtls_session_client_info_get.c
nxe_secure_dtls_session_create.c
nxe_secure_dtls_session_delete.c
nxe_secure_dtls_session_end.c
nxe_secure_dtls_session_local_certificate_add.c
nxe_secure_dtls_session_local_certificate_remove.c
nxe_secure_dtls_session_receive.c
nxe_secure_dtls_session_reset.c
nxe_secure_dtls_session_send.c
nxe_secure_dtls_session_start.c
nxe_secure_dtls_session_trusted_certificate_add.c
nxe_secure_dtls_session_trusted_certificate_remove.c
nxe_secure_tls_active_certificate_set.c
nxe_secure_tls_client_psk_set.c
nxe_secure_tls_local_certificate_add.c
nxe_secure_tls_local_certificate_find.c
nxe_secure_tls_local_certificate_remove.c
nxe_secure_tls_metadata_size_calculate.c
nxe_secure_tls_packet_allocate.c
nxe_secure_tls_psk_add.c
nxe_secure_tls_remote_certificate_allocate.c
nxe_secure_tls_remote_certificate_buffer_allocate.c
nxe_secure_tls_remote_certificate_free_all.c
nxe_secure_tls_server_certificate_add.c
nxe_secure_tls_server_certificate_find.c
nxe_secure_tls_server_certificate_remove.c
nxe_secure_tls_session_alert_value_get.c
nxe_secure_tls_session_certificate_callback_set.c
nxe_secure_tls_session_client_callback_set.c
nxe_secure_tls_session_client_verify_disable.c
nxe_secure_tls_session_client_verify_enable.c
nxe_secure_tls_session_create.c
nxe_secure_tls_session_delete.c
nxe_secure_tls_session_end.c
nxe_secure_tls_session_packet_buffer_set.c
nxe_secure_tls_session_protocol_version_override.c
nxe_secure_tls_session_receive.c
nxe_secure_tls_session_renegotiate_callback_set.c
nxe_secure_tls_session_renegotiate.c
nxe_secure_tls_session_reset.c
nxe_secure_tls_session_send.c
nxe_secure_tls_session_server_callback_set.c
nxe_secure_tls_session_sni_extension_parse.c
nxe_secure_tls_session_sni_extension_set.c
nxe_secure_tls_session_start.c
nxe_secure_tls_session_time_function_set.c
nxe_secure_tls_session_x509_client_verify_configure.c
nxe_secure_tls_trusted_certificate_add.c
nxe_secure_tls_trusted_certificate_remove.c
nxe_secure_x509_certificate_initialize.c
nxe_secure_x509_common_name_dns_check.c
nxe_secure_x509_crl_revocation_check.c
nxe_secure_x509_dns_name_initialize.c
nxe_secure_x509_extended_key_usage_extension_parse.c
nxe_secure_x509_extension_find.c
nxe_secure_x509_key_usage_extension_parse.c
ports
threadx
filex
usbx
HAL
CMSIS
lan8742
SourceVuSTM32 Libraries and Samplesnetxduonx_secure/src/nx_secure_tls_process_serverhello.c
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
/**************************************************************************/ /* */ /* Copyright (c) Microsoft Corporation. All rights reserved. */ /* */ /* This software is licensed under the Microsoft Software License */ /* Terms for Microsoft Azure RTOS. Full text of the license can be */ /* found in the LICENSE file at https://aka.ms/AzureRTOS_EULA */ /* and in the root directory of this software. */ /* */... /**************************************************************************/ ... /**************************************************************************/ /**************************************************************************/ /** */ /** NetX Secure Component */ /** */ /** Transport Layer Security (TLS) */ /** */... /**************************************************************************/ /**************************************************************************/ #define NX_SECURE_SOURCE_CODE #include "nx_secure_tls.h" #if (NX_SECURE_TLS_TLS_1_3_ENABLED) /* Defined in nx_secure_tls_send_serverhello.c */ extern const UCHAR _nx_secure_tls_hello_retry_request_random[32];/* ... */ #endif ... /**************************************************************************/ /* */ /* FUNCTION RELEASE */ /* */ /* _nx_secure_tls_process_serverhello PORTABLE C */ /* 6.1.9 */ /* AUTHOR */ /* */ /* Timothy Stapko, Microsoft Corporation */ /* */ /* DESCRIPTION */ /* */ /* This function processes an incoming ServerHello message, which is */ /* the response to a TLS ClientHello coming from this host. The */ /* ServerHello message contains the desired ciphersuite and data used */ /* in the key generation process later in the handshake. */ /* */ /* INPUT */ /* */ /* tls_session TLS control block */ /* packet_buffer Pointer to message data */ /* message_length Length of message data (bytes)*/ /* */ /* OUTPUT */ /* */ /* status Completion status */ /* */ /* CALLS */ /* */ /* _nx_secure_tls_check_protocol_version Checking incoming TLS version */ /* _nx_secure_tls_ciphersuite_lookup Lookup current ciphersuite */ /* _nx_secure_tls_process_serverhello_extensions */ /* Process ServerHello extensions*/ /* [nx_secure_tls_session_client_callback */ /* Client session callback */ /* */ /* CALLED BY */ /* */ /* _nx_secure_dtls_client_handshake DTLS client state machine */ /* _nx_secure_tls_client_handshake TLS client state machine */ /* */ /* RELEASE HISTORY */ /* */ /* DATE NAME DESCRIPTION */ /* */ /* 05-19-2020 Timothy Stapko Initial Version 6.0 */ /* 09-30-2020 Timothy Stapko Modified comment(s), added */ /* priority ciphersuite logic, */ /* verified memcpy use cases, */ /* fixed renegotiation bug, */ /* resulting in version 6.1 */ /* 10-15-2021 Timothy Stapko Modified comment(s), fixed */ /* TLS 1.3 compilation issue, */ /* resulting in version 6.1.9 */ /* */... /**************************************************************************/ UINT _nx_secure_tls_process_serverhello(NX_SECURE_TLS_SESSION *tls_session, UCHAR *packet_buffer, UINT message_length) { #ifndef NX_SECURE_TLS_CLIENT_DISABLED UINT length; UCHAR compression_method; USHORT version, total_extensions_length; UINT status; USHORT ciphersuite; USHORT ciphersuite_priority; NX_SECURE_TLS_HELLO_EXTENSION extension_data[NX_SECURE_TLS_HELLO_EXTENSIONS_MAX]; UINT num_extensions; #if (NX_SECURE_TLS_TLS_1_3_ENABLED) USHORT tls_1_3 = tls_session -> nx_secure_tls_1_3; NX_SECURE_TLS_SERVER_STATE old_client_state = tls_session -> nx_secure_tls_client_state; tls_session -> nx_secure_tls_client_state = NX_SECURE_TLS_CLIENT_STATE_IDLE;/* ... */ #endif /* Parse the ServerHello message. * Structure: * | 2 | 4 + 28 | 1 | <SID len> | 2 | 1 | 2 | <Ext. Len> | * | TLS version | Random (time + random) | SID length | Session ID | Ciphersuite | Compression | Ext. Len | Extensions | *//* ... */ if (message_length < 38) { /* Message was not the minimum required size for a ServerHello. */ return(NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH); }if (message_length < 38) { ... } /* Use our length as an index into the buffer. */ length = 0; #if (NX_SECURE_TLS_TLS_1_3_ENABLED) if (tls_session -> nx_secure_tls_1_3 && tls_session -> nx_secure_tls_local_session_active) { /* Client has negotiated TLS 1.3 and receives a ServerHello again. * Send an unexpected message alert. *//* ... */ return(NX_SECURE_TLS_UNEXPECTED_MESSAGE); }if (tls_session -> nx_secure_tls_1_3 && tls_session -> nx_secure_tls_local_session_active) { ... } /* ... */#endif /* First two bytes of the server hello following the header are the TLS major and minor version numbers. */ version = (USHORT)((packet_buffer[length] << 8) + packet_buffer[length + 1]); length += 2; /* Verify the version coming from the server. */ status = _nx_secure_tls_check_protocol_version(tls_session, version, NX_SECURE_TLS); if (status != NX_SUCCESS) { return(status); }if (status != NX_SUCCESS) { ... } /* Set the protocol version to whatever the Server negotiated - we have checked that we support this version in the call above, so it's fine to continue. *//* ... */ tls_session -> nx_secure_tls_protocol_version = version; #if (NX_SECURE_TLS_TLS_1_3_ENABLED) if (tls_session -> nx_secure_tls_1_3 && (NX_SECURE_MEMCMP(_nx_secure_tls_hello_retry_request_random, &packet_buffer[length], NX_SECURE_TLS_RANDOM_SIZE) == 0)) { /* A HelloRetryRequest is received. */ if (old_client_state == NX_SECURE_TLS_CLIENT_STATE_HELLO_RETRY) { /* A second HelloRetryRequest is received. */ return(NX_SECURE_TLS_UNRECOGNIZED_MESSAGE_TYPE); }if (old_client_state == NX_SECURE_TLS_CLIENT_STATE_HELLO_RETRY) { ... } else { tls_session -> nx_secure_tls_client_state = NX_SECURE_TLS_CLIENT_STATE_HELLO_RETRY; }else { ... } }if (tls_session -> nx_secure_tls_1_3 && (NX_SECURE_MEMCMP(_nx_secure_tls_hello_retry_request_random, &packet_buffer[length], NX_SECURE_TLS_RANDOM_SIZE) == 0)) { ... } else #endif { /* Set the Server random data, used in key generation. First 4 bytes is GMT time. */ NX_SECURE_MEMCPY(&tls_session -> nx_secure_tls_key_material.nx_secure_tls_server_random[0], &packet_buffer[length], NX_SECURE_TLS_RANDOM_SIZE); /* Use case of memcpy is verified. */ }else { ... } length += NX_SECURE_TLS_RANDOM_SIZE; /* Session ID length is one byte. */ tls_session -> nx_secure_tls_session_id_length = packet_buffer[length]; length++; if ((length + tls_session -> nx_secure_tls_session_id_length) > message_length) { return(NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH); }if ((length + tls_session -> nx_secure_tls_session_id_length) > message_length) { ... } /* Session ID follows. */ if (tls_session -> nx_secure_tls_session_id_length > 0) { NX_SECURE_MEMCPY(tls_session -> nx_secure_tls_session_id, &packet_buffer[length], tls_session -> nx_secure_tls_session_id_length); /* Use case of memcpy is verified. */ length += tls_session -> nx_secure_tls_session_id_length; }if (tls_session -> nx_secure_tls_session_id_length > 0) { ... } /* Finally, the chosen ciphersuite - this is selected by the server from the list we provided in the ClientHello. */ ciphersuite = (USHORT)((packet_buffer[length] << 8) + packet_buffer[length + 1]); length += 2; /* Find out the ciphersuite info of the chosen ciphersuite. */ status = _nx_secure_tls_ciphersuite_lookup(tls_session, ciphersuite, &tls_session -> nx_secure_tls_session_ciphersuite, &ciphersuite_priority); if (status != NX_SUCCESS) { #if (NX_SECURE_TLS_TLS_1_3_ENABLED) if (tls_session -> nx_secure_tls_1_3) { return(NX_SECURE_TLS_1_3_UNKNOWN_CIPHERSUITE); }if (tls_session -> nx_secure_tls_1_3) { ... } /* ... */#endif return(NX_SECURE_TLS_UNKNOWN_CIPHERSUITE); }if (status != NX_SUCCESS) { ... } /* Compression method - for now this should be NULL. */ compression_method = packet_buffer[length]; /* There are no supported compression methods, so non-zero is an error. */ if (compression_method != 0x00) { return(NX_SECURE_TLS_BAD_COMPRESSION_METHOD); }if (compression_method != 0x00) { ... } length++; /* Padding data? */ if (message_length >= (length + 2)) { /* TLS Extensions come next. Get the total length of all extensions first. */ total_extensions_length = (USHORT)((packet_buffer[length] << 8) + packet_buffer[length + 1]); length += 2; /* Message length overflow. */ if ((length + total_extensions_length) > message_length) { return(NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH); }if ((length + total_extensions_length) > message_length) { ... } if (total_extensions_length > 0) { /* Process serverhello extensions. */ status = _nx_secure_tls_process_serverhello_extensions(tls_session, &packet_buffer[length], total_extensions_length, extension_data, &num_extensions); /* Check for error. */ if (status != NX_SUCCESS) { return(status); }if (status != NX_SUCCESS) { ... } #if (NX_SECURE_TLS_TLS_1_3_ENABLED) if (tls_session -> nx_secure_tls_1_3 != tls_1_3) { /* Server negotiates a version of TLS prior to TLS 1.3. */ return(status); }if (tls_session -> nx_secure_tls_1_3 != tls_1_3) { ... } /* ... */#endif /* If the server callback is set, invoke it now with the extensions that require application input. */ if (tls_session -> nx_secure_tls_session_client_callback != NX_NULL) { status = tls_session -> nx_secure_tls_session_client_callback(tls_session, extension_data, num_extensions); /* Check for error. */ if (status != NX_SUCCESS) { return(status); }if (status != NX_SUCCESS) { ... } }if (tls_session -> nx_secure_tls_session_client_callback != NX_NULL) { ... } }if (total_extensions_length > 0) { ... } }if (message_length >= (length + 2)) { ... } #ifndef NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION #ifdef NX_SECURE_TLS_REQUIRE_RENEGOTIATION_EXT #if (NX_SECURE_TLS_TLS_1_3_ENABLED) if (!tls_session -> nx_secure_tls_1_3) #endif /* NX_SECURE_TLS_TLS_1_3_ENABLED */ { if ((tls_session -> nx_secure_tls_renegotation_enabled) && (!tls_session -> nx_secure_tls_secure_renegotiation)) { /* No "renegotiation_info" extension present, some clients may want to terminate the handshake. */ return(NX_SECURE_TLS_RENEGOTIATION_EXTENSION_ERROR); }if ((tls_session -> nx_secure_tls_renegotation_enabled) && (!tls_session -> nx_secure_tls_secure_renegotiation)) { ... } ...}/* ... */ #endif /* NX_SECURE_TLS_REQUIRE_RENEGOTIATION_EXT */ if ((tls_session -> nx_secure_tls_local_session_active) && (!tls_session -> nx_secure_tls_secure_renegotiation_verified)) { /* The client did not receive the "renegotiation_info" extension, the handshake must be aborted. */ return(NX_SECURE_TLS_RENEGOTIATION_EXTENSION_ERROR); }if ((tls_session -> nx_secure_tls_local_session_active) && (!tls_session -> nx_secure_tls_secure_renegotiation_verified)) { ... } tls_session -> nx_secure_tls_secure_renegotiation_verified = NX_FALSE;/* ... */ #endif /* NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION */ #ifdef NX_SECURE_TLS_CLIENT_DISABLED /* If TLS Client is disabled and we have processed a ServerHello, something is wrong... */ tls_session -> nx_secure_tls_server_state = NX_SECURE_TLS_SERVER_STATE_ERROR; return(NX_SECURE_TLS_INVALID_STATE);/* ... */ #else #if (NX_SECURE_TLS_TLS_1_3_ENABLED) if ((tls_session -> nx_secure_tls_1_3) && (old_client_state == NX_SECURE_TLS_CLIENT_STATE_IDLE)) { /* We have selected a ciphersuite so now we can initialize the handshake hash. */ status = _nx_secure_tls_handshake_hash_init(tls_session); if(status != NX_SUCCESS) { return(status); }if (status != NX_SUCCESS) { ... } }if ((tls_session -> nx_secure_tls_1_3) && (old_client_state == NX_SECURE_TLS_CLIENT_STATE_IDLE)) { ... } if (tls_session -> nx_secure_tls_client_state != NX_SECURE_TLS_CLIENT_STATE_HELLO_RETRY)/* ... */ #endif { /* Set our state to indicate we sucessfully parsed the ServerHello. */ tls_session -> nx_secure_tls_client_state = NX_SECURE_TLS_CLIENT_STATE_SERVERHELLO; ...} return(NX_SUCCESS);/* ... */ #endif/* ... */ #else /* NX_SECURE_TLS_SERVER_DISABLED */ /* If Server TLS is disabled and we recieve a serverhello, error! */ NX_PARAMETER_NOT_USED(tls_session); NX_PARAMETER_NOT_USED(packet_buffer); NX_PARAMETER_NOT_USED(message_length); return(NX_SECURE_TLS_UNEXPECTED_MESSAGE);/* ... */ #endif }{ ... }
Details
Show:
from
Types: Columns: